1. 13 2月, 2016 1 次提交
    • R
      Rename INSTALL_PREFIX to DESTDIR, remove option --install_prefix · 3c65577f
      Richard Levitte 提交于
      INSTALL_PREFIX is a confusing name, as there's also --prefix.
      Instead, tag along with the rest of the open source world and adopt
      the Makefile variable DESTDIR to designate the desired staging
      directory.
      
      The Configure option --install_prefix is removed, the only way to
      designate a staging directory is with the Makefile variable (this is
      also implemented for VMS' descrip.mms et al).
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      3c65577f
  2. 12 2月, 2016 2 次提交
  3. 11 2月, 2016 1 次提交
  4. 10 2月, 2016 1 次提交
  5. 09 2月, 2016 1 次提交
  6. 06 2月, 2016 2 次提交
  7. 04 2月, 2016 3 次提交
    • R
      0f45c26f
    • E
      RT4148 · ba2de73b
      Emilia Kasper 提交于
      Accept leading 0-byte in PKCS1 type 1 padding. Internally, the byte is
      stripped by BN_bn2bin but external callers may have other expectations.
      
      Reviewed-by: Kurt Roeckx<kurt@openssl.org>
      ba2de73b
    • E
      RT3234: disable compression · dc5744cb
      Emilia Kasper 提交于
      CRIME protection: disable compression by default, even if OpenSSL is
      compiled with zlib enabled. Applications can still enable compression by
      calling SSL_CTX_clear_options(ctx, SSL_OP_NO_COMPRESSION), or by using
      the SSL_CONF library to configure compression. SSL_CONF continues to
      work as before:
      
      SSL_CONF_cmd(ctx, "Options", "Compression") enables compression.
      
      SSL_CONF_cmd(ctx, "Options", "-Compression") disables compression (now
      no-op by default).
      
      The command-line switch has changed from -no_comp to -comp.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      dc5744cb
  8. 01 2月, 2016 1 次提交
  9. 31 1月, 2016 1 次提交
  10. 29 1月, 2016 1 次提交
  11. 28 1月, 2016 2 次提交
    • M
      CHANGES and NEWS updates for release · 502bed22
      Matt Caswell 提交于
      Add details about the latest issues fixed in the forthcoming release.
      Reviewed-by: NRich Salz <rsalz@openssl.org>
      502bed22
    • R
      Remove outdated legacy crypto options · 3e9e810f
      Rich Salz 提交于
      Many options for supporting optimizations for legacy crypto on legacy
      platforms have been removed.  This simplifies the source code and
      does not really penalize anyone.
              DES_PTR (always on)
              DES_RISC1, DES_RISC2 (always off)
              DES_INT (always 'unsigned int')
              DES_UNROLL (always on)
              BF_PTR (always on) BF_PTR2 (removed)
              MD2_CHAR, MD2_LONG (always 'unsigned char')
              IDEA_SHORT, IDEA_LONG (always 'unsigned int')
              RC2_SHORT, RC2_LONG (always 'unsigned int')
              RC4_LONG (only int and char (for assembler) are supported)
              RC4_CHUNK (always long), RC_CHUNK_LL (removed)
              RC4_INDEX (always on)
      And also make D_ENCRYPT macro more clear (@appro)
      
      This is done in consultation with Andy.
      Reviewed-by: NAndy Polyakov <appro@openssl.org>
      3e9e810f
  12. 26 1月, 2016 1 次提交
  13. 22 1月, 2016 1 次提交
    • R
      Refresh the thinking of --prefix and --openssldir · d74dfafd
      Richard Levitte 提交于
      --prefix is now exclusively used for software and manual installation.
      --openssldir is not exclusively used as a default location for certs,
      keys and the default openssl.cnf.
      
      This change is made to bring clarity, to have the two less
      intertwined, and to be more compatible with the usual ways of software
      installation.
      
      Please change your habits and scripts to use --prefix rather than
      --openssldir for installation location now.
      Reviewed-by: NViktor Dukhovni <viktor@openssl.org>
      d74dfafd
  14. 20 1月, 2016 1 次提交
  15. 16 1月, 2016 1 次提交
  16. 15 1月, 2016 1 次提交
  17. 13 1月, 2016 1 次提交
  18. 12 1月, 2016 3 次提交
  19. 08 1月, 2016 3 次提交
    • V
      DANE CHANGES · 59fd40d4
      Viktor Dukhovni 提交于
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      59fd40d4
    • V
      Backwards-compatibility subject to OPENSSL_API_COMPAT · 98186eb4
      Viktor Dukhovni 提交于
      Provide backwards-compatiblity for functions, macros and include
      files if OPENSSL_API_COMPAT is either not defined or defined less
      than the version number of the release in which the feature was
      deprecated.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      98186eb4
    • R
      mem functions cleanup · bbd86bf5
      Rich Salz 提交于
      Only two macros CRYPTO_MDEBUG and CRYPTO_MDEBUG_ABORT to control this.
      If CRYPTO_MDEBUG is not set, #ifdef out the whole debug machinery.
              (Thanks to Jakob Bohm for the suggestion!)
      Make the "change wrapper functions" be the only paradigm.
      Wrote documentation!
      Format the 'set func' functions so their paramlists are legible.
      Format some multi-line comments.
      Remove ability to get/set the "memory debug" functions at runtme.
      Remove MemCheck_* and CRYPTO_malloc_debug_init macros.
      Add CRYPTO_mem_debug(int flag) function.
      Add test/memleaktest.
      Rename CRYPTO_malloc_init to OPENSSL_malloc_init; remove needless calls.
      Reviewed-by: NRichard Levitte <levitte@openssl.org>
      bbd86bf5
  20. 02 1月, 2016 2 次提交
    • V
      Protocol version selection and negotiation rewrite · 4fa52141
      Viktor Dukhovni 提交于
      The protocol selection code is now consolidated in a few consecutive
      short functions in a single file and is table driven.  Protocol-specific
      constraints that influence negotiation are moved into the flags
      field of the method structure.  The same protocol version constraints
      are now applied in all code paths.  It is now much easier to add
      new protocol versions without reworking the protocol selection
      logic.
      
      In the presence of "holes" in the list of enabled client protocols
      we no longer select client protocols below the hole based on a
      subset of the constraints and then fail shortly after when it is
      found that these don't meet the remaining constraints (suiteb, FIPS,
      security level, ...).  Ideally, with the new min/max controls users
      will be less likely to create "holes" in the first place.
      Reviewed-by: NKurt Roeckx <kurt@openssl.org>
      4fa52141
    • K
      7946ab33
  21. 15 12月, 2015 2 次提交
  22. 13 12月, 2015 1 次提交
  23. 11 12月, 2015 1 次提交
  24. 10 12月, 2015 2 次提交
  25. 08 12月, 2015 1 次提交
  26. 07 12月, 2015 1 次提交
  27. 06 12月, 2015 1 次提交
  28. 05 12月, 2015 1 次提交